<?php

/**!info**

{

  "Plugin Name"  : "plugin_specialuserprefs_title",

  "Plugin URI"   : "http://enanocms.org/",

  "Description"  : "plugin_specialuserprefs_desc",

  "Author"       : "Dan Fuhry",

  "Version"      : "1.1.6",

  "Author URI"   : "http://enanocms.org/"

}

**!*/

/*

 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

 * Version 1.1.6 (Caoineag beta 1)

 * Copyright (C) 2006-2008 Dan Fuhry

 *

 * This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

 *

 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

 */

$userprefs_menu = Array();

$userprefs_menu_links = Array();

function userprefs_menu_add($section, $text, $link)

{

  global $userprefs_menu;

  if ( isset($userprefs_menu[$section]) && is_array($userprefs_menu[$section]) )

  {

    $userprefs_menu[$section][] = Array(

      'text' => $text,

      'link' => $link

      );

  }

  else

  {

    $userprefs_menu[$section] = Array(Array(

      'text' => $text,

      'link' => $link

      ));

  }

}

$plugins->attachHook('tpl_compile_sidebar', 'userprefs_jbox_setup($button, $tb, $menubtn);');

function userprefs_jbox_setup(&$button, &$tb, &$menubtn)

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $lang;

  if ( $paths->namespace != 'Special' || $paths->page_id != 'Preferences' )

    return false;

  $tb .= "<ul>$template->toolbar_menu</ul>";

  $template->toolbar_menu = '';

  $button->assign_vars(array(

      'TEXT' => $lang->get('usercp_btn_memberlist'),

      'FLAGS' => '',

      'PARENTFLAGS' => '',

      'HREF' => makeUrlNS('Special', 'Memberlist')

    ));

  $tb .= $button->run();

}

function userprefs_menu_html()

{

  global $userprefs_menu;

  global $userprefs_menu_links;

  global $lang;

  $html = '';

  $quot = '"';

  foreach ( $userprefs_menu as $section => $buttons )

  {

    $section_name = $section;

    if ( preg_match('/^[a-z]+_[a-z_]+$/', $section) )

    {

      $section_name = $lang->get($section_name);

    }

    $html .= ( isset($userprefs_menu_links[$section]) ) ? "<a href={$quot}{$userprefs_menu_links[$section]}{$quot}>{$section_name}</a>\n        " : "<a>{$section_name}</a>\n        ";

    $html .= "<ul>\n          ";

    foreach ( $buttons as $button )

    {

      $buttontext = $button['text'];

      if ( preg_match('/^[a-z]+_[a-z_]+$/', $buttontext) )

      {

        $buttontext = $lang->get($buttontext);

      }

      $html .= "  <li><a href={$quot}{$button['link']}{$quot}>{$buttontext}</a></li>\n          ";

    }

    $html .= "</ul>\n        ";

  }

  return $html;

}

function userprefs_show_menu()

{

  echo '<div class="menu_nojs">

          ' . userprefs_menu_html() . '

          <span class="menuclear"></span>

        </div>

        <br />

        ';

}

function userprefs_menu_init()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $userprefs_menu_links;

  userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_emailpassword', makeUrlNS('Special', 'Preferences/EmailPassword') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/EmailPassword\', '.USER_LEVEL_CHPREF.'); return false;');

  userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_signature', makeUrlNS('Special', 'Preferences/Signature'));

  // userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_publicinfo', makeUrlNS('Special', 'Preferences/Profile'));

  userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_usergroups', makeUrlNS('Special', 'Usergroups'));

  if ( getConfig('avatar_enable') == '1' )

  {

    userprefs_menu_add('usercp_sec_profile', 'usercp_sec_profile_avatar', makeUrlNS('Special', 'Preferences/Avatar'));

  }

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_sent', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_drafts', makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'));

  userprefs_menu_add('usercp_sec_pm', 'usercp_sec_pm_archive', makeUrlNS('Special', 'PrivateMessages/Folder/Archive'));

  /*

  // Reserved for Enano's Next Big Innovation.(TM)

  userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special',      'Private_Messages#folder:inbox'));

  userprefs_menu_add('Private messages', 'Starred', makeUrlNS('Special',     'Private_Messages#folder:starred'));

  userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'Private_Messages#folder:sent'));

  userprefs_menu_add('Private messages', 'Drafts', makeUrlNS('Special',     'Private_Messages#folder:drafts'));

  userprefs_menu_add('Private messages', 'Archive', makeUrlNS('Special',    'Private_Messages#folder:archive'));

  userprefs_menu_add('Private messages', 'Trash', makeUrlNS('Special',    'Private_Messages#folder:trash'));

  */

  $userprefs_menu_links['usercp_sec_profile'] = makeUrlNS('Special', 'Preferences');

  $userprefs_menu_links['usercp_sec_pm']  = makeUrlNS('Special', 'PrivateMessages');

  $code = $plugins->setHook('userprefs_jbox');

  foreach ( $code as $cmd )

  {

    eval($cmd);

  }

}

$plugins->attachHook('common_post', 'userprefs_menu_init();');

function page_Special_Preferences()

{

  global $db, $session, $paths, $template, $plugins; // Common objects

  global $lang;

  global $timezone;

  global $cache;

  // We need a login to continue

  if ( !$session->user_logged_in )

    redirect(makeUrlNS('Special', 'Login/' . $paths->page), 'Login required', 'You need to be logged in to access this page. Please wait while you are redirected to the login page.');

  // User ID - later this will be specified on the URL, but hardcoded for now

  $uid = intval($session->user_id);

  // Instanciate the AES encryptor

  $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

  // Basic user info

  $q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';');

  if ( !$q )

    $db->_die();

  $row = $db->fetchrow();

  $db->free_result();

  $section = $paths->getParam(0);

  if ( !$section )

  {

    $section = 'Home';

  }

  $errors = '';

  switch ( $section )

  {

    case 'EmailPassword':

      // Require elevated privileges (well sortof)

      if ( $session->auth_level < USER_LEVEL_CHPREF )

      {

        redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);

      }

      if ( isset($_POST['submit']) )

      {

        $email_changed = false;

        // First do the e-mail address

        if ( strlen($_POST['newemail']) > 0 )

        {

          switch('foo') // Same reason as in the password code...

          {

            case 'foo':

              if ( $_POST['newemail'] != $_POST['newemail_conf'] )

              {

                $errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_email_no_match') . '</div>';

                break;

              }

          }

          $q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');

          if ( !$q )

            $db->_die();

          $row = $db->fetchrow();

          $db->free_result();

          $new_email = $_POST['newemail'];

          if ( $result != 'success' )

          {

            $message = '<p>' . $lang->get('usercp_emailpassword_err_list') . '</p>';

            $message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>';

            die_friendly($lang->get('usercp_emailpassword_err_title'), $message);

          }

          $email_changed = true;

        }

        // Obtain password

        {

          // At this point we know if we _want_ to change the password...

          // We can't check the password to see if it matches the confirmation

          // because the confirmation was destroyed during the encryption. I figured

          // this wasn't a big deal because if the encryption worked, then either

          // the Javascript validated it or the user hacked the form. In the latter

          // case, if he's smart enough to hack the encryption code, he's probably

          // smart enough to remember his password.

          if ( strlen($newpass) > 0 )

          {

            if ( defined('ENANO_DEMO_MODE') )

              $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_demo') . '</div>';

            // Perform checks

            if ( strlen($newpass) < 6 )

              $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_short') . '</div>';

            if ( getConfig('pw_strength_enable') == '1' )

            {

              $score_inp = password_score($newpass);

              if ( $score_inp < $score_min )

                $errors .= '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_emailpassword_err_password_too_weak', array('score' => $score_inp)) . '</div>';

            }

            if ( $_POST['use_crypt'] == 'no' && $newpass != $_POST['newpass_confirm'] )

            {

              $errors .= '<div class="error-box">' . $lang->get('usercp_emailpassword_err_password_no_match') . '</div>';

            }

            // Encrypt new password

            if ( empty($errors) )

            {

              // Perform the swap

              $session->set_password($session->username, $newpass);

              // Log out and back in

              $username = $session->username;

              $session->logout();

              if ( $email_changed )

              {

                if ( getConfig('account_activation') == 'user' )

                {

                  redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_user'), 20);

                }

                else if ( getConfig('account_activation') == 'admin' )

                {

                  redirect(makeUrl(get_main_page()), $lang->get('usercp_emailpassword_msg_profile_success'), $lang->get('usercp_emailpassword_msg_need_activ_admin'), 20);

                }

              }

              redirect(makeUrlNS('Special', 'Preferences'), $lang->get('usercp_emailpassword_msg_pass_success'), $lang->get('usercp_emailpassword_msg_password_changed'), 5);

            }

          }

        }

      }

      $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_emailpassword_title');

      break;

    case 'Signature':

      $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title');

      break;

    case 'Profile':

      $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title');

      break;

  }

  $template->header();

  // Output the menu

  // This is not templatized because it conforms to the jBox menu standard.

  userprefs_show_menu();

  switch ( $section )

  {

    case 'EmailPassword':

      $errors = trim($errors);

      if ( !empty($errors) )

      {

        echo $errors;

      }

      echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';

      // Password change form

      echo '<fieldset>

        <legend>' . $lang->get('usercp_emailpassword_grp_chemail') . '</legend>

        ' . $lang->get('usercp_emailpassword_field_newemail') . '<br />

          <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail" size="30" tabindex="3" />

        <br />

        <br />

        ' . $lang->get('usercp_emailpassword_field_newemail_confirm') . '<br />

          <input type="text" value="' . ( isset($_POST['newemail']) ? htmlspecialchars($_POST['newemail']) : '' ) . '" name="newemail_conf" size="30" tabindex="4" />

      </fieldset>

      <br />

      <div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>';

      echo '</form>';

      // ENCRYPTION CODE

      ?>

      <script type="text/javascript">

      addOnloadHook(function()

        {

          password_score_field(document.forms.empwform.newpass);

        });

      </script>

      <?php endif; ?>

      <?php

      echo $session->aes_javascript('empwform', 'newpass');

      break;

    case 'Signature':

      if ( isset($_POST['new_sig']) )

      {

        $sig = $_POST['new_sig'];

        $sig = RenderMan::preprocess_text($sig, true, false);

        $sql_sig = $db->escape($sig);

        $q = $db->sql_query('UPDATE '.table_prefix.'users SET signature=\'' . $sql_sig . '\' WHERE user_id=' . $session->user_id . ';');

        if ( !$q )

          $db->_die();

        $session->signature = $sig;

        echo '<div class="info-box" style="margin: 0 0 10px 0;">' . $lang->get('usercp_signature_msg_saved') . '</div>';

      }

      echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';

      echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature));

      echo '<input type="submit" value="' . $lang->get('usercp_signature_btn_save') . '" />';

      echo '</form>';

      break;

    case "Profile":

    case 'Home':

      global $email;

      $userpage_id = $paths->nslist['User'] . sanitize_page_id($session->username);

      $userpage_exists = ( isPage($userpage_id) ) ? '' : ' class="wikilink-nonexistent"';

      $user_page = makeUrlNS('User', sanitize_page_id($session->username));

      $site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('usercp_intro_para3_admin_link'));

      echo '<h3 style="margin-top: 0;">' . $lang->get('usercp_intro_heading_main', array('username' => $session->username)) . '</h3>';

      echo  $lang->get('usercp_intro', array('userpage_link' => $user_page));

      $available_ranks = $session->get_user_possible_ranks($session->user_id);

      $current_rank = $session->get_user_rank($session->user_id);

      if ( isset($_POST['submit']) )

      {

        $real_name = htmlspecialchars($_POST['real_name']);

        $real_name = $db->escape($real_name);

        $timezone = intval($_POST['timezone']);

        $tz_local = $timezone + 1440;

        $dst = $db->escape($_POST['dst']);

        if ( !preg_match('/^[0-9]+;[0-9]+;[0-9]+;[0-9]+;[0-9]+$/', $dst) )

          $dst = '0;0;0;0;60';

        $GLOBALS['dst_params'] = explode(';', $dst);

        $imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);

        $imaddr_aim = $db->escape($imaddr_aim);

        $imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);

        $imaddr_msn = $db->escape($imaddr_msn);

        $imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);

        $imaddr_yahoo = $db->escape($imaddr_yahoo);

        $imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);

        $imaddr_xmpp = $db->escape($imaddr_xmpp);

        $homepage = htmlspecialchars($_POST['homepage']);

        $homepage = $db->escape($homepage);

        $location = htmlspecialchars($_POST['location']);

        $location = $db->escape($location);

        $occupation = htmlspecialchars($_POST['occupation']);

        $occupation = $db->escape($occupation);

        $hobbies = htmlspecialchars($_POST['hobbies']);

        $hobbies = $db->escape($hobbies);

        $email_public = ( isset($_POST['email_public']) ) ? '1' : '0';

        $disable_js_fx = ( isset($_POST['disable_js_fx']) ) ? '1' : '0';

        $session->real_name = $real_name;

        if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) )

        {

          $imaddr_msn = "$imaddr_msn@hotmail.com";

        }

        if ( !preg_match('#^https?://#', $homepage) )

        {

          $homepage = "http://$homepage";

        }

        if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )

        {

          $homepage = '';

        }

        $session->user_extra['user_aim'] = $imaddr_aim;

        $session->user_extra['user_msn'] = $imaddr_msn;

        $session->user_extra['user_xmpp'] = $imaddr_xmpp;

        $session->user_extra['user_yahoo'] = $imaddr_yahoo;

        $session->user_extra['user_homepage'] = $homepage;

        $session->user_extra['user_location'] = $location;

        $session->user_extra['user_job'] = $occupation;

        $session->user_extra['user_hobbies'] = $hobbies;

        $session->user_extra['email_public'] = intval($email_public);

        // user title

        $user_title_col = '';

        if ( $session->get_permissions('custom_user_title') && isset($_POST['user_title']) )

        {

          $user_title = trim($_POST['user_title']);

          if ( empty($user_title) )

          {

            $colval = 'NULL';

            $session->user_title = null;

          }

          else

          {

            $colval = "'" . $db->escape($user_title) . "'";

            $session->user_title = $user_title;